Sudoers: Difference between revisions
(Adding Article Footer & Categories) |
Uncletwain (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the '''visudo''' command | The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the '''visudo''' command. | ||
# grep zimbra /etc/sudoers | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/openldap/libexec/slapd | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr | |||
%zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmvertmgr | |||
Please also note it is advisable to check if the requiretty option is set. | Please also note it is advisable to check if the requiretty option is set. |
Revision as of 21:59, 1 October 2009
The file /etc/sudoers lists users authorized to run certain commands as other users. Edit this file if necessary with the visudo command.
- grep zimbra /etc/sudoers
%zimbra ALL=NOPASSWD:/opt/zimbra/openldap/libexec/slapd %zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmslapd %zimbra ALL=NOPASSWD:/opt/zimbra/postfix/sbin/postfix, /opt/zimbra/postfix/sbin/postalias, /opt/zimbra/postfix/sbin/qshape.pl, /opt/zimbra/postfix/sbin/postconf,/opt/zimbra/postfix/sbin/postsuper %zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmqstat,/opt/zimbra/libexec/zmmtastatus %zimbra ALL=NOPASSWD:/opt/zimbra/libexec/zmmailboxdmgr %zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmvertmgr
Please also note it is advisable to check if the requiretty option is set. This is done as follows
# grep requiretty /etc/sudoers Defaults requiretty
Using the visudo command comment it out like so. Please note the first # indicates root prompt, the second line # indicates the comment
# visudo #Defaults requiretty
The requiretty line, on a Fedora Core system is around line 56. This may vary on other linux or Mac systems.
On SUSE10SP1 Enterprise Server with 5.0.1 when you get '/etc/sudoers' is 0640 needs to be 0440
and ldap fails to init.
Open /opt/zimbra/libexec/zmsetup.pl in your favorite text editor: Goto Line: 56 (in 5.0.1) Find 0640 change to 0440 and save.
/etc/sudoers needs to be 0440 or it will not complete the requested command. Re-run /opt/zimbra/libexec/zmsetup.pl if you got an error before and all should be good. check the above too.